diff --git a/apps/api/src/services/courses/activities/assignments.py b/apps/api/src/services/courses/activities/assignments.py index bf790ed4..a10d5f44 100644 --- a/apps/api/src/services/courses/activities/assignments.py +++ b/apps/api/src/services/courses/activities/assignments.py @@ -1,7 +1,3 @@ -#################################################### -# CRUD -#################################################### - from datetime import datetime from typing import Literal from uuid import uuid4 @@ -553,7 +549,7 @@ async def put_assignment_task_submission_file( org = db_session.exec(org_statement).first() # RBAC check - await rbac_check(request, course.course_uuid, current_user, "read", db_session) + await rbac_check(request, course.course_uuid, current_user, "update", db_session) # Upload reference file if sub_file and sub_file.filename and activity and org: @@ -948,7 +944,7 @@ async def update_assignment_task_submission( ) # RBAC check - await rbac_check(request, course.course_uuid, current_user, "update", db_session) + await rbac_check(request, course.course_uuid, current_user, "read", db_session) # Update only the fields that were passed in for var, value in vars(assignment_task_submission_object).items(): @@ -1083,7 +1079,7 @@ async def create_assignment_submission( ) # RBAC check - await rbac_check(request, course.course_uuid, current_user, "create", db_session) + await rbac_check(request, course.course_uuid, current_user, "update", db_session) # Create Assignment User Submission assignment_user_submission = AssignmentUserSubmission( @@ -1319,7 +1315,7 @@ async def update_assignment_submission( ) # RBAC check - await rbac_check(request, course.course_uuid, current_user, "update", db_session) + await rbac_check(request, course.course_uuid, current_user, "read", db_session) # Update only the fields that were passed in for var, value in vars(assignment_user_submission_object).items(): @@ -1404,6 +1400,18 @@ async def grade_assignment_submission( status_code=404, detail="Assignment not found", ) + + statement = select(Course).where(Course.id == assignment.course_id) + course = db_session.exec(statement).first() + + if not course: + raise HTTPException( + status_code=404, + detail="Course not found", + ) + + + await rbac_check(request, course.course_uuid, current_user, "update", db_session) # Check if assignment user submission exists statement = select(AssignmentUserSubmission).where( @@ -1535,6 +1543,18 @@ async def mark_activity_as_done_for_user( statement = select(Activity).where(Activity.id == assignment.activity_id) activity = db_session.exec(statement).first() + statement = select(Course).where(Course.id == assignment.course_id) + course = db_session.exec(statement).first() + + if not course: + raise HTTPException( + status_code=404, + detail="Course not found", + ) + + + await rbac_check(request, course.course_uuid, current_user, "update", db_session) + if not activity: raise HTTPException( status_code=404, diff --git a/apps/web/app/orgs/[orgslug]/dash/assignments/page.tsx b/apps/web/app/orgs/[orgslug]/dash/assignments/page.tsx index 5a92a45c..67500c6b 100644 --- a/apps/web/app/orgs/[orgslug]/dash/assignments/page.tsx +++ b/apps/web/app/orgs/[orgslug]/dash/assignments/page.tsx @@ -6,7 +6,7 @@ import { getAPIUrl, getUriWithOrg } from '@services/config/config'; import { getAssignmentsFromACourse } from '@services/courses/assignments'; import { getCourseThumbnailMediaDirectory } from '@services/media/media'; import { swrFetcher } from '@services/utils/ts/requests'; -import { Book, EllipsisVertical, GalleryVertical, GalleryVerticalEnd, Layers2, PenBox, UserRoundPen } from 'lucide-react'; +import { Book, EllipsisVertical, GalleryVertical, GalleryVerticalEnd, Info, Layers2, PenBox, UserRoundPen } from 'lucide-react'; import Link from 'next/link'; import React from 'react' import useSWR from 'swr'; @@ -113,6 +113,15 @@ function AssignmentsHome() { ))} + + {assignments.length === 0 && ( + <> +
+ +

No assignments available for this course, create course assignments from the course editor

+
+ + )} ))}